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DETAILED ACTION 



Claims 1-58 are presented for examination. 



Claim Objections 



2. Claim 40 is objected to because of the following informalities: the computer program 
product is dependent on the claim 19, which is a computer method. Appropriate correction is 
required. 



3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 1-2, 7-12, 15-22, 27-32, 35-42, 47-52, and 55-58 are rejected under 35 
U.S.C. 102(e) as being anticipated by Deianov et al. (6529985) (hereinafter Deianov et al.). 

5. As per claim 1, Deianov et al. teaches method for virtualizing super-user privileges in a 
computer operating system including multiple virtual processes, the method comprising: 

designating a plurality of virtual super-users, each virtual super-user being associated 
with a separate virtual process (e.g. col. 3 line 65-67); 



Claim Rejections - 35 USC §102 
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intercepting a system call for which actual super-user privileges are required (e.g. col. 4 
line 5-10); 

in response to the intercepted system call being made by a virtual super-user and 

pertaining to the virtual process of the virtual super-user (e.g. col. 4 line 10); 
granting actual super-user privileges to the virtual super-user (e.g. col. 4 line 42- 

45); and 

allowing execution of the system call (e.g. col. 4 line 30). 

6. As per claims 21 and 41 are rejected for similar reasons as stated above. 

7. As per claim 2, Deianov et al. teaches method of claim 1, further comprising: 
withdrawing the actual super-user privileges from the virtual super-user after execution 

of the system call (e.g. col. 4 line 42-45). 

8. As per claims 22 and 42 are rejected for similar reasons as stated above. 

9. As per claim 7, Deianov et al. teaches method of claim 1, wherein the intercepted system 
call comprises 

a system call for accessing a file (e.g. col. 1 line 34-40 and col. 6 line 46-58). 

10. As per claims 27 and 47 are rejected for similar reasons as stated above. 

11. As per claim 8, Deianov et al. teaches method of claim 7, wherein the intercepted system 
call pertains to the virtual process of the virtual super-user when the file to be accessed is 
associated with the same virtual process (e.g. col. 6 line 59-66). 

12. As per claims 28 and 48 are rejected for similar reasons as stated above. 



Application/Control Number: 09/747,687 Page 3 

Art Unit: 2126 

13. As per claim 9, Deianov et al. teaches method of claim 1, wherein the intercepted system 
call comprises a system call for terminating a process (e.g. col. 6 line 27-36 and col. 12 line 51- 
53). 

14. As per claims 29 and 49 are rejected for similar reasons as stated above. 

15. As per claim 10, Deianov et al. teaches method of claim 9, wherein the intercepted 
system call pertains to the virtual process of the virtual super-user when the process to be 
terminated is associated with the same virtual process (e.g. col. 8 line 29-38). 

16. As per claims 30 and 50 are rejected for similar reasons as stated above. 

17. As per claim 11, Deianov et al. teaches method of claim 1, wherein the intercepted 
system call comprises a system call for terminating all processes associated with a virtual 
process, the method further comprising: 

identifying each process associated with the virtual process and terminating each 
identified process (e.g. col. 8 line 12-28). 

18. As per claims 31 and 51 are rejected for similar reasons as stated above. 

19. As per claim 12, Deianov et al. teaches method of claim 1 1 , wherein an association data 
structure stores associations between processes and virtual processes, and wherein identifying 
comprises: 

identifying each process by its association with the virtual process in the association data 
structure (e.g. col. 7 line 24-25). 

20. As per claims 32 and 52 are rejected for similar reasons as stated above. 
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21. As per claim 15, Deianov et al. teaches method of claim 1, further comprising: 
responsive to the intercepted system call not being made by a virtual super-user, 

disallowing execution of the system call (e.g. col. 12 line 21-28). 

22. As per claims 35 and 55 are rejected for similar reasons as stated above. 

23. As per claim 16, Deianov et al. teaches method of claim 1, further comprising: 
responsive to the intercepted system call being made by a virtual super-user and not 

pertaining to the virtual process of the virtual super-user, disallov^ing execution of the system 
call (e.g. col. 12 line 21-28). 

24. As per claims 36 and 56 are rejected for similar reasons as stated above. 

25. As per claim 17, Deianov et al. teaches method of claim 1, further comprising: 
responsive to the intercepted system call comprising a system call for inserting a module 

into an operating system kernel, disallowing execution of the system call (e.g. col. 1 1 line 55-60 
and col. 12 line 31-33). 

26. As per claims 37 and 57 are rejected for similar reasons as stated above. 

27. As per claim 18, Deianov et al. teaches method of claim 1, wherein allowing comprises: 
executing the system call (e.g. col. 12 line 39). 

28. As per claims 38 and 58 are rejected for similar reasons as stated above. 

29. As per claim 19, Deianov et al. teaches method of claim 1, wherein intercepting a system 
call comprises: 

loading a system call wrapper, (e.g. col. 10 line 28-30 and line 42 and col. 1 1 line 60); 
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saving a pointer to the system call (e.g. col. 10 line 31-32 and col. 1 1 line 61-64); and 
replacing the pointer to the system call with a pointer to the system call wrapper, such 

that the system call wrapper is executed when the system call is invoked (e.g. col. 10 line 33 and 

col. 11 line 7-9). 

30. As per claim 39 is rejected for similar reasons as stated above. 

31. As per claim 20, Deianov et al. teaches method of claim 1 9, wherein the pointer to the 
first system call comprises a system call vector (e.g. col. 6 line 5-15). 

32. As per claim 40 is rejected for similar reasons as stated above 



33. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 



34. Claims 3-6, 13-14, 23-26, 33-34, 43-46 and 53-54 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Deianov et al. (6529985) (hereinafter Deianov et al.) in view of Ault et 
al. (5764889) (hereinafter Ault et al.). 

35. As per claim 3, Deianov et al. does not specifically teach a method of assigning a virtual 
super-user identifier to each virtual super-user as recited in claim 3. Ault et al. teaches a method 



Claim Rejections - 35 USC § 103 



to assign a virtual super-user identifier to each virtual super-user (e.g. col. 5 line 40-46). 
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It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine Deianov et al. with Ault et al. because it would accomplish to issue a 
virtual super user ID to each virtual super user from the user task process request from the 
client/server system so that would give the privileges to the authorized user and create a security 
environment system. 

36. As per claims 6, 23, 26, 43, and 46 are rejected for similar reasons as stated above. 

37. As per claim 4, Deianov et al. does not specifically teach a method of each virtual 
super-user identifier comprises a super-user identifier and an indication of a virtual process. Ault 
et al. teaches a method to each virtual super-user identifier comprises a super-user identifier and 
an indication of a virtual process (e.g. col, 4 line 66-67 and col. 5 line 8-9). 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine Deianov et al. with Ault et al. because it would show the relationship 
between the specific user identifier and its requested task to be proceed; therefore, it would 
accomplish to establish each virtual super user identifier and indication of the process from the 
operating system. 

38. As per claims 24 and 44 are rejected for similar reasons as stated above. 

39. As per claim 5, Deianov et al. does not specifically teach a method of assigning and 
storing a user identifier as recited in claim 5. Ault et al. teaches a method of assigning a user 
identifier to a virtual super user and storing the user identifier and an indication of the virtual 
process of the virtual super-user in a virtual super-user list (e.g. col. 3 line 54-62 and line 28-45). 
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It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine Deianov et al. with Ault et al because it would accompHsh to create a new 



40. As per claims 25 and 45 are rejected for similar reasons as stated above. 

41 . As per claim 13, Deianov et al. does not specifically teach a method of claim 1, wherein 
the system call is made by a virtual super user when a user making the call has a virtual 
super-user identifier. Ault et al. teaches a method of the system call is made by a virtual super- 
user when a user making the call has a virtual super-user identifier (e.g. col. 4 line 46-50 and col. 
5 line 15-28). 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine Deianov et al. with Ault et al. because it would create a security 
environment for a user request task process and operates as a super user, so that it would 
accomplish to process a system call is made by super user request when the call having super 
user ID from the user task request process. 

42. As per claims 33 and 53 are rejected for similar reasons as stated above. 

43. As per claim 14, Deianov et al. does not specifically teach a method of claim 1, wherein 
the system call is made by a virtual super user when a user making the call has user identifier in a 
virtual super-user list. Ault et al. teaches a method of the system call is made by a virtual super 
user when a user making the call has user identifier in a virtual super-user list (e.g. col. 5 line 10- 



user ED storing the user ID fi-om the user task request process in the security database. 



22). 
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It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine Deianov et al. with Ault et al. because the system call would cause a 
kernel spawn routine to create a new process for each task request; once it completes the task, it 
would execute and issue a next process in the Ust; thus it would accompHsh to process a system 
call is made from the super user list from the user task request process. 

44. As per claims 34 and 54 are rejected for similar reasons as stated above. 



Any inquiry conceming this communication or earlier communications from the 
examiner should be directed to Loan B Nguyen whose telephone number is (703) 305-0358. The 
examiner can normally be reached on 8:00AM - 4:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John FoUansbee can be reached on (703) 305-8498. The fax phone number for the 
organization where this appHcation or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 305-3900. 



Conclusion 



Loan B. Nguyen 
September 11,2003 




